The new CEH v10 (Certified Ethical Hacker)
The first Ethical Hacking Certification was launched in 2002. The world had not known of such a program or certification, and obviously, it was met with suspicion. The word hacker did not go down well with organizations and authorities around the world.
This being the situation, the course still found its momentum through the need for cybersecurity in an ever-growing Industry (also consider checking this perfect guide for cyber security certification).
For example, the MIRAI botnet that took place in October 2016. Due to the latest technological advancements, we need to be more ready than ever. It is important to analyze the vulnerabilities and weaknesses of networks, systems, etc.
Listed as one of the baseline certifications on the US DOD 8570 directive.
The examination achieved the NC017024 credential.
CEH is sought after by many fortune 500 multinationals.
It is now a standard in education among the best graduate and post-graduate programs.
With leapfrogs in technology come new problems that need to be solved. It is almost as if by simplifying/solving a problem with technology, we only create another problem. It is much easier for hackers today to attack a system or network if proper protective measures are not taken.
In this regard, today we have the CEH v10- the latest version which will help ethical hackers in combating present day attackers.These attackers have improvised and developed new tools to hack into networks, systems, etc.
It is important to analyze the various possible vulnerabilities and weaknesses through vulnerability analysis. These vulnerabilities and weaknesses are used to gain access to confidential information.
There are 5 key highlights of the CEH v10
1) It has added a whole new module on the security of IoT devices. IoT has emerged as a potent threat vector, one with possible vulnerabilities and weaknesses. The MIRAI attack is a prime example of this; it was the largest denial of service attack using an IoT botnet.
A Study conducted by AT&T revealed a 458% increase in vulnerability scans of IoT devices.
The new IoT module has an in-depth study of the factors that affect IoT security. CEH v10 emphasizes the importance of security in this vulnerable area. It provides comprehensive guidelines for testing, deploying and managing IoT devices.
2) The old module on vulnerability analysis from CEH v9 has been re-engineered. Vulnerability analysis is a critical element of an ethical hacking life-cycle and the cyber kill chain.
CEH v10 will give candidates a far deeper understanding of the application of vulnerability analysis. This new version allows the application of vulnerability analysis in a real-world environment.
The module covers the vulnerability of management life cycle. It explains various approaches and tools used to perform the vulnerability assessment. It also discusses tools and techniques used by an attacker to perform vulnerability analysis on the systems.
Vulnerability analysis scans the networks for known security weaknesses. It plays a major role in providing security to the organization's resources and infrastructure.
The attack vectors could attack through various threat vectors.
3) The new version adds focus to emerging attack vectors on the cloud, AI, and machine learning.
CEH v10 provides new insights into cloud computing threats and cloud computing attacks. It discusses cloud computing security and necessary tools. There are key lessons to be learned that every ethical hacker must follow.
Usage of Artificial Intelligence and Machine Learning in cyber security helps in identifying new exploits and weaknesses. It reduces the pressure on security professionals alerting them as and when an action needs to be performed.
AI is a huge step in protecting networks against attacks. AV and perimeter mechanisms alone cannot detect these attacks (Here's a resource that will navigate you through cyber security attacks).
4) Certified ethical hacker v10 program has a complete malware analysis process included in its core body of knowledge. Malware is another major problem, which needs to be addressed. It can cause serious damage to intellectual property, and also lead to financial losses.
This new module illustrates the process of reverse engineering a piece of malware. This helps in determining the origin, functionality and potential impact.
The module covers critical knowledge and skills. This allows the Ethical hacker in identifying the indicators of compromise, the exploited vulnerability, the skill level of the intruder.
With the CEH v10 certification, the ethical hacker can tell if a malware introduction was to an external gatecrasher or an insider. All the trainee modules and techniques have been updated, lab environments available stimulate real-time environment.
What more, it is even in 100% compliance with the newer NICE 2.0 framework.
5) The launch of STORM is an exciting addition to the CEH v10; it is a mobile security toolkit.
STORM is a fully loaded Pen-Test platform; it comes equipped with a custom ISO. This ISO comes with today’s common hacking tools.
STORM is loaded onto a portable raspberry pi based touch-screen device. It adds on with a resource center, which is an LMS based platform. On this platform, learners can have access to the most up-to-date ISO. Adding on to this, one also experiences the latest tools and demos.
The CEH/Practical credential
There is a manpower challenge that Chief Information Security Officers (CISO) are facing. It is important to differentiate between those with the knowledge and those who actually have the skill to perform the functions.
The practical confirms that you have the skill to perform the functions.
The CEH practical is a practical exam built according to the given specifications of subject matter experts. It is a 6-hour long examination and those who have the CEH credential can appear on it.
The CEH practical-
Examines the candidate’s skill in identifying, and managing the vulnerabilities and weaknesses.
Requires the candidates to apply the Ethical Hacking techniques in 20 real-life situations. Threat Vector identification, network scanning, operating system detection, etc.
Mimics a real corporate network.
It is an exam that has been designed as a practical hands-on activity. It will test the skills of the ethical hacker and goes beyond having theoretical knowledge. It allows organizations to train, test and deploy the available workforce.